[CERT-daily] Tageszusammenfassung - Mittwoch 4-05-2016

Wed May 4 18:13:37 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 03-05-2016 18:00 − Mittwoch 04-05-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Dev using Libarchive? Patch and push ***
---------------------------------------------
Input validation bug opens code execution vuln The popular Libarchive open source compression library needs an update to cover a code execution vulnerability.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/04/dev_using_libarchive_patch_and_push/


*** Sicherheitsupdates: PHP anfällig für Remote Code Execution ***
---------------------------------------------
Angreifer können verschiedenen PHP-Versionen aus der Ferne Schadcode unterjubeln. Drei abgesicherte Versionen schließen zwei Sicherheitslücken.
---------------------------------------------
http://heise.de/-3196826


*** Neue Versionen von Apache Struts wehren sich gegen Schad-Code ***
---------------------------------------------
Über eine Sicherheitslücke können Angreifer Server mit Apache Struts unter Umständen aus der Ferne attackieren und Code ausführen.
---------------------------------------------
http://heise.de/-3196868


*** Petya: the two-in-one trojan ***
---------------------------------------------
Petya Trojan is an unusual hybrid of an MBR blocker and data encryptor: it prevents not only the operating system from booting but also blocks normal access to files located on the hard drives of the attacked system.
---------------------------------------------
http://securelist.com/blog/research/74609/petya-the-two-in-one-trojan/


*** Höflicher Erpressungstrojaner entschuldigt sich und bittet um Geschenke ***
---------------------------------------------
Ein neuer Krypto-Trojaner geht um: Die Alpha Ransomware verlangt iTunes-Gutscheine vom Opfer, sonst bleiben die Daten mit AES-256 verschlüsselt. Der Erpresserbrief ist überraschend höflich, verschweigt allerdings wichtige Details.
---------------------------------------------
http://heise.de/-3197135


*** Yet Another Padding Oracle in OpenSSL CBC Ciphersuites ***
---------------------------------------------
Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it's in the code that fixes Lucky13.It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the "old days"...
---------------------------------------------
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/


*** Neutrino exploit kit sends Cerber ransomware, (Wed, May 4th) ***
---------------------------------------------
Introduction Seems like were always finding new ransomware. In early March 2016, BleepingComputer announced a new ransomware named Cerber had appeared near the end of February [1]. A few days later, the Malwarebytes blog provided further analysis and more details on subsequent Cerber samples [2]. Cerber is distributed through exploit kits (EKs) and malicious spam (malspam). Ive only seen .rtf attachments that download and install Cerber if opened in Microsoft Word [3]." /> Shown above:...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21017


*** Security Advisory: Stored XSS in bbPress ***
---------------------------------------------
Exploitation Level: Easy/Remote DREAD Score: 6/10 Vulnerability: Stored XSS Patched Version: bbPress 2.5.9 During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on 300,000 live websites - one of them being the popular wordpress.org support forum. Vulnerability Disclosure Timeline: April...
---------------------------------------------
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html


*** Xcode 7.3.1 ***
---------------------------------------------
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
---------------------------------------------
https://support.apple.com/kb/HT206338


*** Cisco Prime Collaboration Assurance Open Redirect Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca


*** F5 Security Advisory: Multiple OpenSSL vulnerabilities CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/07/sol07538415.html?ref=rss


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21982223
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-0799, CVE-2016-0702). ***
http://www.ibm.com/support/docview.wss?uid=swg21981764
---------------------------------------------
*** IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Application Server ***
http://www.ibm.com/support/docview.wss?uid=swg21982462
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager (CVE-2016-0448, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21977134
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition affect IBM Tivoli Network Manager IP Edition ***
http://www.ibm.com/support/docview.wss?uid=swg21975424
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM InfoSphere Information Server installer could expose sensitive information (CVE-2015-7493) ***
http://www.ibm.com/support/docview.wss?uid=swg21982034
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2015-3194, CVE-2015-3195). ***
http://www.ibm.com/support/docview.wss?uid=swg21981765
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Cognos Metrics Manager (CVE-2015-2017) ***
http://www.ibm.com/support/docview.wss?uid=swg21976798
---------------------------------------------
*** IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects IBM Tivoli Storage Manager server (CVE-2015-1947) ***
http://www.ibm.com/support/docview.wss?uid=swg21979698
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM Tivoli / Security Directory Server ***
http://www.ibm.com/support/docview.wss?uid=swg21980585
---------------------------------------------


Next End-of-Shift report on 2016-05-06